About 1.2 billion social media profiles and other data found in unsecured Google Cloud server

PHOTO: Pixabay
Sharmila Nair
The Star/Asia News Network

About 1.2 billion records were left exposed in an unsecured Google Cloud server, claims dark web researcher Vinny Troia.

According to Wired, Troia claims that the said data doesn't include critical information such as passwords or credit card details, but nevertheless contains hundreds of millions of home and mobile phone numbers, as well as social media profiles like Facebook, Twitter, LinkedIn and Github.

Troia reportedly said that he had never seen such a sheer volume of social media and user profiles collated in a single database, supposedly amounting to 4TB of data.

"From the perspective of an attacker, if the goal is to impersonate people or hijack their accounts, you have names, phone numbers, and associated account URLs. That's a lot of information in one place to get you started," Wired quotes Troia as saying.

The researcher apparently stumbled upon the server while doing a routine scan for unprotected data on the Internet using two web scanning services, adding that the server's IP address gave no information other than it traced back to Google Cloud services.

A majority of the data was reportedly sourced from a database by a company called People Data Labs (PDL) - a data broker that claims to have the data of over 1.5 billion people for sale.

However, PDL's co-founder Sean Thorne was quoted as saying that the company doesn't own the server that hosted the data: "Once a customer receives data from us, or any other data providers, the data is on their servers and the security is their responsibility."

Troia claims that he doesn't know who collected the data or if it was downloaded by anyone other than himself. He reported the exposure to the United States Federal Bureau of Investigation and claims that within hours of doing so, the server went offline.

Wired added that the FBI declined to comment on the issue.

More about
Digital Google Social media cyber security Cyberattack

